
Two things. Firstly, to anyone running an incoming mail server, I strongly recommend using mail blacklists. I filter my mail using blacklists and strict RFC and the result is about 3-5 spams a week combined on all the accounts on my mail server. I used dnsstuff.com as a guide to finding the right combination of blacklists. I found the best way to find a blacklist was to handpick spam on your server, check the IP addresses against dnsstuff.com and check some legitimate emails. You should get an idea of which blacklists are reliable. When you find the right blacklist, go read the blacklist's terms and conditions first.

Anyway, for my question. I would like to block more spam. I have noticed there are certain addresses on my server that have never existed that are often spammed. Two of these addresses are info@mydomain and contact@mydomain. Is there a plugin for Postfix where I can specify spamtraps on my server, where any mail entering a spam trap will cause the IP to be blocked, 4 hours the first time, 8 hours the second time, etc.? Also having rules saying that the first few times an IP is blocked, it is blocked with 4xx errors. As the IP spams more and more it should do 5xx.

The last line is for greylisting. It basically checks the connecting IP, from address, and to address and if it hasn't seen that triplet before, it will temporarily block the email. This forces the sending server to resend the email. If it resends the email, then it goes through.

Most spammers don't resend email automatically. This will also stop a significant amount. Just install Postgrey.

Just the helo restrictions block about 40% of the spam coming into my server. I use check_helo_access to block mailers I would consider spammers but strictly speaking aren't. This list includes: tickle-corp.com, ringo.com, getitfree.net, hi5.com.

As for 'reject_unknown_sender_domain' this is also effective, but it gives me false positives. There are still a lot of legitimate sites that don't send from real domains. Without this directive and all the above between my home server and work server we have had 3 false positives in 8 months.

The reason I haven't yet implemented greylisting is for the same reason I dislike hotmail's spam filters.

My server uses the above mentioned filters before the data command is issued. That being considered, ANY message that is rejected will be sent back to the sender immediately. The sender will know whether or not the message was received. It adds a certain level of confidence to the users of my server.

I have amavis that blocks any emails that are confirmed viruses and sends warnings for suspected viruses.

I don't have any spam folders or anything. This prevents people from missing important emails and saying 'oops it was in my spam folder'.

Trouble with greylisting is emails can be delayed up to 24 hours which may cause user frustration because the users are not aware of what is happening with their messages.

Mail servers should be configured to resend temporarily blocked email within a few minutes. I'm a System Admin for an ISP of about 40,000 customers and we use it. The block time we have set is 60 seconds. Very rarely do we see mail being delayed more than 5 minutes.

You could add the address to a file (call it postgrey_sender_whitelist or anything you want) with an OK and include it in smtpd_recipient_restrictions. Then that address would skip all the remaining checks in smtpd_recipient_restrictions. Just make sure check_sender_access comes before check_policy_service inet:127.0.0.1:60000.
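The greylisting triplet check and the whitelist ordering discussed in the posts above, as an added example that is not part of any original post and not Postfix or Postgrey code. It is a simplified Python model of an ordered restriction list; the function names, addresses and clock are constructed for illustration, and the 60-second delay is the block time quoted above.

```python
import time

class Greylist:
    """Defer the first sight of a (client IP, sender, recipient) triplet."""
    def __init__(self, delay=60, clock=time.time):
        self.delay = delay        # seconds a new triplet stays blocked
        self.clock = clock        # injectable so the demo needs no sleeping
        self.first_seen = {}      # triplet -> time of first attempt

    def check(self, client_ip, sender, recipient):
        key = (client_ip, sender.lower(), recipient.lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "DEFER"        # 4xx: a real MTA queues the mail and retries
        return "DUNNO"            # no objection; later restrictions still run

def sender_whitelist(addresses):
    """Model of a check_sender_access table whose entries map to OK."""
    allowed = {a.lower() for a in addresses}
    return lambda ip, sender, rcpt: "OK" if sender.lower() in allowed else "DUNNO"

def evaluate(restrictions, client_ip, sender, recipient):
    """Run restrictions in order; the first decisive result ends the list."""
    for check in restrictions:
        result = check(client_ip, sender, recipient)
        if result != "DUNNO":
            return result
    return "OK"

def demo():
    now = [0]                                     # constructed clock, in seconds
    grey = Greylist(delay=60, clock=lambda: now[0])
    white = sender_whitelist(["alerts@partner.example"])   # constructed address
    rcpt = "user@example.org"
    out = []
    # Whitelist before greylisting: the OK ends the list, greylist never runs.
    out.append(evaluate([white, grey.check], "192.0.2.10", "alerts@partner.example", rcpt))
    # Wrong order: greylisting defers before the whitelist is consulted.
    out.append(evaluate([grey.check, white], "192.0.2.11", "alerts@partner.example", rcpt))
    # Unknown triplet: deferred at 0 s and 30 s, accepted on a retry at 61 s.
    for t in (0, 30, 61):
        now[0] = t
        out.append(evaluate([white, grey.check], "198.51.100.7", "news@sender.example", rcpt))
    return out

if __name__ == "__main__":
    print(demo())
```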

If you have Postfix version 2.3 or greater, include this line in your smtpd_client_restrictions.

reject_unknown_client_hostname

If you have a version below 2.3 use: reject_unknown_client.

This rule will take the connecting server IP address and do a reverse DNS lookup (PTR record) on it. If it does not return a hostname, the mail is rejected. If the reverse DNS lookup does produce a hostname, then Postfix does a forward lookup on that hostname. If that lookup does not produce the original connecting IP or the lookup fails, the mail is rejected.
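The reverse-then-forward lookup described above, as an added Python example that is not part of the original post and not Postfix's own code. The function names and the DNS tables are constructed for illustration; the default resolvers use the system resolver, while the demo swaps in the constructed tables so it runs offline.

```python
import ipaddress
import socket

def ptr_lookup(ip):
    """Reverse (PTR) lookup: IP -> hostname, or None if there is no answer."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(hostname):
    """Forward lookup: hostname -> set of address strings (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except socket.gaierror:
        return set()

def check_client(ip, ptr=ptr_lookup, forward=forward_lookup):
    """Return (verdict, detail) for a connecting client IP."""
    hostname = ptr(ip)
    if hostname is None:
        return ("REJECT", "no PTR record")
    # Parse addresses so differently written IPv6 forms still compare equal.
    resolved = {ipaddress.ip_address(a.split("%")[0]) for a in forward(hostname)}
    if not resolved:
        return ("REJECT", "hostname does not resolve")
    if ipaddress.ip_address(ip) not in resolved:
        return ("REJECT", "forward lookup does not return client IP")
    return ("OK", hostname)

# Constructed DNS data (documentation address ranges), so the demo runs offline.
PTR = {"192.0.2.25": "mail.example.org", "198.51.100.9": "host.example.net",
       "203.0.113.40": "gone.example.com", "2001:db8::25": "mx6.example.org"}
FWD = {"mail.example.org": {"192.0.2.25"}, "host.example.net": {"203.0.113.5"},
       "mx6.example.org": {"2001:0db8:0000:0000:0000:0000:0000:0025"}}

def classify_samples():
    clients = ["192.0.2.25", "198.51.100.9", "203.0.113.40",
               "203.0.113.77", "2001:db8::25"]
    return {ip: check_client(ip, PTR.get, lambda h: FWD.get(h, set()))
            for ip in clients}

if __name__ == "__main__":
    for ip, verdict in classify_samples().items():
        print(ip, verdict)
```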

I did this, and spam was still getting through. So I checked, and it turned out I had set up a mail relay (for my domain and a couple of others) a while ago that I had forgotten about. It was by the relay that all the extra spam was getting through.

I disabled the relay, I'll see if it works. I'll post my results here.